package com.core.basic.secure.suport;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;

import com.core.basic.secure.dao.MenuDao;
import com.core.basic.secure.dao.ResourcesDao;
import com.core.basic.secure.domain.Menu;
import com.core.basic.secure.domain.Resources;

public class MySecurityMetadataSource implements
		FilterInvocationSecurityMetadataSource {

    private ResourcesDao resourcesDao;  
    private static Map<String, Collection<ConfigAttribute>> resourceMap = null;  
    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    public ResourcesDao getResourcesDao() {  
        return resourcesDao;  
    }  

	public void setResourcesDao(ResourcesDao resourcesDao) {  
        this.resourcesDao = resourcesDao;  
    }  
  
    public Collection<ConfigAttribute> getAllConfigAttributes() {  
        return null;  
    }  
  
    public boolean supports(Class<?> clazz) {  
        return true;  
    }  
    //加载所有资源的关系  
    private void loadResourceDefine() {  
        if(resourceMap == null) {
            resourceMap = new HashMap<String, Collection<ConfigAttribute>>();  
            List<Resources> resources = this.resourcesDao.findAll();  
            for (Resources res : resources) {  
                Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();  
            //以权限名封装为Spring的security Object  
                ConfigAttribute configAttribute = new SecurityConfig(res.getName());  
                configAttributes.add(configAttribute);  
                resourceMap.put(res.getUrl(), configAttributes);  
            }
        }
        
        Set<Entry<String, Collection<ConfigAttribute>>> privilegeSet = resourceMap.entrySet();  
        Iterator<Entry<String, Collection<ConfigAttribute>>> iterator = privilegeSet.iterator();  
          
    }  
    //返回所请求资源所需要的权限  
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {  
        String requestUrl = ((FilterInvocation) object).getRequestUrl();  
        if(resourceMap == null) {
            loadResourceDefine();  
        }
        Iterator<String> ite = resourceMap.keySet().iterator();  
        while (ite.hasNext()) {  
        	String resURL = ite.next();
        	System.out.println(requestUrl+":"+resURL);
        	if (urlMatcher.pathMatchesUrl(resURL, requestUrl)) {
        		System.out.println(requestUrl+":"+resURL);
        		 Collection<ConfigAttribute> returnCollection = resourceMap.get(resURL);
        		 System.out.println(resourceMap.get(resURL).toArray());
        		 return returnCollection;
            }
        }
        
        return null;
    }  
}
